From: bugzilla-daemon@bugzilla.kernel.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 194579] AMDGPU: Possible size overflow detected by PaX in ttm_bo_handle_move_mem (drivers/gpu/drm/ttm/ttm_bo.c:388)
Date: Tue, 21 Feb 2017 13:19:29 +0000
Message-ID: <bug-194579-2300-VR3L1Q0j7n@https.bugzilla.kernel.org/>
In-Reply-To: <bug-194579-2300@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=194579

--- Comment #12 from PaX Team (pageexec@freemail.hu) ---
(In reply to Christian König from comment #11)
> The issue is that the offset handling should actually be transparent to TTM.
> So mem.start can have any value here which might as well overflow during the
> assignment.
> 
> So even with Nicolai's suggestion of using LONG_MAX I would NAK the patch.
> 
> The only clean solution I can see is to remove bo->offset altogether and
> move that into a helper the drivers can call on demand.

obviously i'm not qualified to do that kind of surgery ;), i'd just like
to keep our existing overflow checking instrumentation for
ttm_buffer_object.offset instead of getting rid of it because of just one
intentional overflow. if
setting ->offset regardless of any overflows is important then couldn't we
go the other way and change the value of AMDGPU_BO_INVALID_OFFSET to something
that would not trigger the overflow here? say LONG_MAX >> PAGE_SHIFT. would
that work/not clash with otherwise valid values for this offset? (makes me
also wonder why ULONG_MAX isn't used since that would produce an even bigger
safety zone)

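The sentinel question raised in the comment above, as an added example that is not part of the original message or of the kernel sources: it checks which candidate values survive a page-number to byte-offset shift without losing high bits. Assumptions: PAGE_SHIFT is 12, the assignment is modelled as a plain left shift by PAGE_SHIFT, and page_to_offset() and sentinel_survives() are hypothetical helper names.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: 4 KiB pages; the real PAGE_SHIFT is architecture dependent. */
#define PAGE_SHIFT 12

/*
 * Hypothetical helper (not kernel code): turn a page number into a byte
 * offset. Returns false when the shift would drop set high bits, which is
 * the kind of event an overflow-checking instrumentation reports.
 */
static bool page_to_offset(unsigned long start, unsigned long *offset)
{
	bool fits = start <= (ULONG_MAX >> PAGE_SHIFT);

	*offset = start << PAGE_SHIFT; /* unsigned shift: wraps, no UB */
	return fits;
}

/* A sentinel is usable here only if it survives the shift unchanged. */
static bool sentinel_survives(unsigned long sentinel)
{
	unsigned long off;

	return page_to_offset(sentinel, &off) && (off >> PAGE_SHIFT) == sentinel;
}

int main(void)
{
	/* Candidates from the discussion; the shifted ULONG_MAX is an assumption. */
	const struct { const char *name; unsigned long v; } c[] = {
		{ "LONG_MAX",                (unsigned long)LONG_MAX },
		{ "LONG_MAX >> PAGE_SHIFT",  (unsigned long)LONG_MAX >> PAGE_SHIFT },
		{ "ULONG_MAX >> PAGE_SHIFT", ULONG_MAX >> PAGE_SHIFT },
	};

	for (size_t i = 0; i < sizeof(c) / sizeof(c[0]); i++)
		printf("%-24s %#lx -> %s\n", c[i].name, c[i].v,
		       sentinel_survives(c[i].v) ? "fits" : "overflows");
	return 0;
}
```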
